KB Article #175941
Heartbleed OpenSSL Vulnerability (CVE-2014-0160) not affecting any Accounting Integrator versions
Problem
Heartbleed OpenSSL Vulnerability (CVE-2014-0160)
Package: OpenSSL
CVE ID: CVE-2014-0160
A vulnerability has been discovered in the TLS/DTLS Heartbeat extension for OpenSSL. An attacker can recover some memory from either the client or the server, which may allow them to compromise encrypted private data from memory, including the private key.
What versions of OpenSSL are affected?
Status of different versions:
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
The bug was introduced to OpenSSL in December 2011 and has been out in the wild since the OpenSSL 1.0.1 release on 14th of March 2012. OpenSSL 1.0.1g, released on 7th of April 2014, fixes the bug.
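The status list above can be applied to collected `openssl version` banners. The following is an added example, not part of the original article or of any vendor tooling; the hostnames and inventory lines are constructed, and treating 1.0.1 letters after g as fixed is an assumption based on the fix shipping in 1.0.1g.

```python
import re

# Version token of an `openssl version` banner, e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013".
BANNER_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(-\S+)?")

def classify(banner):
    """Map one banner to the status list above; anything outside it is 'not listed'."""
    m = BANNER_RE.search(banner)
    if not m:
        return "unparsed"
    branch = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, suffix = m.group(4), m.group(5) or ""
    if branch in ((1, 0, 0), (0, 9, 8)):
        return "not vulnerable"
    if branch != (1, 0, 1) or suffix.startswith(("-beta", "-dev", "-pre")):
        return "not listed"          # the article gives no status for these
    # 1.0.1 with no letter through 1.0.1f is affected; the fix shipped in 1.0.1g.
    # Build tags such as "-fips" do not change the status.
    return "vulnerable" if letter <= "f" else "not vulnerable"

def triage(inventory):
    """Return {host: status} for 'host: banner' lines."""
    result = {}
    for line in inventory.strip().splitlines():
        host, _, banner = line.partition(":")
        result[host.strip()] = classify(banner)
    return result

# Constructed sample inventory (hostnames are hypothetical).
SAMPLE = """
web01: OpenSSL 1.0.1e-fips 11 Feb 2013
web02: OpenSSL 1.0.1g 7 Apr 2014
db01: OpenSSL 0.9.8y 5 Feb 2013
build01: OpenSSL 1.0.2-beta1 24 Feb 2014
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:8} {status}")
```

A "vulnerable" result means the banner falls in the affected upstream range; distribution packages can carry a backported fix without changing the banner, so confirm against the vendor's package version.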
More information on this vulnerability can be found here:
https://www.openssl.org/news/secadv_20140407.txt